A permission gives a principal access to an object to perform certain actions on or with the object. SQL Server has a mind-numbingly huge number of permissions that you can grant to a principal, and you can even deny or revoke those permissions. This sounds a bit complicated, but by the end of this stairway level you’ll understand how SQL Server permissions work and how you can exert very granular control over object creation, data access, and other types of actions on database and server objects.
Read more...

Following on from a webcast, Tim Smith answers some questions on SQL Server security like: Is It Better To Mask At the Application Level Or The SQL Server Database Level? Are there any options to find SSNs in SQL Server besides RegEx? And, why would anyone store sensitive data un-encrypted in SQL Server?
Read more...

Last week one of my team members was supposed to create a SQL Authenticated ID on a SQL Server 2005 instance. This was as per the request of the Application team who would be using it for an Application.
Read more...